Dave, I would encourage you to check whether websockets are enabled on the T:Z product. If not, nothing to worry about, and you can report the issue to your security team as mitigated.
Joe

On Tue, Sep 1, 2020 at 6:00 AM Jousma, David <000001a0403c5dc1-dmarc-requ...@listserv.ua.edu> wrote:

> Thanks Kirk,
>
> Totally understand re free z/OS distribution. Any plans to port a newer version? We've got a lot of time/effort in our Tech support wiki, and all the documentation that is in it. I don’t want to be forced to shut it down due to the reported vulnerability. Is there a RYO path to newer version on z/OS with SAF support?
>
> Dave Jousma
> AVP | Director, Technology Engineering
>
> Fifth Third Bank | 1830 East Paris Ave, SE | MD RSCB2H | Grand Rapids, MI 49546
> 616.653.8429 | fax: 616.653.2717
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Kirk Wolf
> Sent: Monday, August 31, 2020 5:23 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Dovetail/Kirk Wolf?
>
> I'm fine (and utterly amused that my status might be inferred from my cancelled Twitter account :-)
>
> We wanted to look into your Tomcat request from Thursday before responding. We do offer a z/OS distribution of Tomcat free without support, so sometimes other things take precedence.
> To confirm: Tomcat 8.5.6 is the last z/OS integration build that we currently offer.
>
> Kirk Wolf
> Dovetailed Technologies
>
> https://protect2.fireeye.com/url?k=c6be0738-9ae2f337-c6be2da0-0cc47a33347c-7966752b50828413&u=http://dovetail.com/
>
> On Mon, Aug 31, 2020 at 12:12 PM Dave Jousma <000001a0403c5dc1-dmarc-requ...@listserv.ua.edu> wrote:
>
> > Has anyone heard from Kirk Wolf recently? I don’t see much action on his community forum over at dovetail.com either.
> >
> > I ask because we have been running Dovetail’s port of TOMCAT on Z that has the SAF interfaces added to it to house our internal team documentation. We are admittedly behind, but I only see TOMCAT 8.5.6 on Dovetail's site, and our security folks have identified a security vulnerability (WebSocket DoS CVE-2020-13935) in all releases older than 9.0.37.
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN